Buffer overflow in Portable_sdk_for_upnp_project Portable_sdk_for_upnp

CVE-2012-5965

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute a…

Vulnerability class: Buffer Overflow

EPSS: 0.717 (98.8th percentile) — read the EPSS interpretation.

Affected products

Portable_sdk_for_upnp_project Portable_sdk_for_upnp — versions 1.3.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities (x_refsource_CISCO, vendor-advisory)
MDVSA-2013:098 (vendor-advisory, x_refsource_MANDRIVA)
cret@cert.org (x_refsource_MISC)
DSA-2615 (vendor-advisory, x_refsource_DEBIAN)
DSA-2614 (vendor-advisory, x_refsource_DEBIAN)
57602 (Exploit, vdb-entry, x_refsource_BID)
cret@cert.org (x_refsource_MISC)
cret@cert.org (x_refsource_CONFIRM)
cret@cert.org (x_refsource_MISC)
VU#922681 (x_refsource_CERT-VN, US Government Resource, Patch, third-party-advisory)